Resolved redwine.hopewill-imm.com to 80.241.218.79
Server: redwine.hopewill-imm.com
Gate file: /papernews/paperboard.php
Alternate domains: artgallery.keramikart.ro, jetplane.yangon-airways.com, flight.yangon-airways.com, abroad.laos-airlines.net, plates.ceramic1.com
Hosting infos: http://whois.domaintools.com/80.241.218.79
Related md5s (Download sample from Malwr.com)
Betabot: 3d250757e1b306b899652ef3c5ef93a7
mklist.myjino.ru (Madness DDOS bot hosted by avguro.com)
Resolved mklist.myjino.ru to 81.177.141.202
Server: mklist.myjino.ru
Gate file: /mad/index.php
Info about this malware can be found in this blog post by Kafeine.
Hosting infos: http://whois.domaintools.com/81.177.141.202
Related md5s (Download sample from Malwr.com)
Madness: e0b9c947735ee8da2ea1eb7de664b13c
spamtheinter.net (Pony loader hosted by ecatel.net)
Resolved spamtheinter.net to 94.102.51.123
Server: spamtheinter.net
Gate file: /pony/gate.php
Hosting infos: http://whois.domaintools.com/94.102.51.123
Related md5 (Download sample from Malwr.com)
Pony: ab5c96e927c863a773271347a5713486
thepremiumsellers.com (Solar http botnet hosted by Ecatel.net)
Resolved thepremiumsellers.com to 94.102.51.123
Server: thepremiumsellers.com
Gate file: /sol/index.php
Hosting infos: http://whois.domaintools.com/94.102.51.123
Related md5 (Download sample from Malwr.com)
Solar: f8fa95baecf6423c6e44ad701164fdd2
renterlocal.su (betabot http botnet hosted by fastflux botnet)
Server: renterlocal.su
Gate file: /be/order.php
Alternate domains: municipales.ru, wmkdi.su, dfntlk.su, captioncodes.ru, juliussdietz.ru
Hosting infos:
; <<>> DiG 9.6.1-P1 <<>> renterlocal.su
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8938
;; flags: qr rd ra; QUERY: 1, ANSWER: 11, AUTHORITY: 4, ADDITIONAL: 12
;; QUESTION SECTION:
;renterlocal.su. IN A
;;
burrito.wut.re (Athena irc botnet hosted by ovh.net)
Resolved burrito.wut.re to 37.59.53.162
Server: burrito.wut.re
Port: 6667
Channel: ##a
Hosting infos: http://whois.domaintools.com/37.59.53.162
Related md5 (Download samples from Malwr.com)
Athena: ac5b059a66ab7005051e0afa598a7757
24E1tRfQaf31.in (Betabot http botnet hosted by ecatel.net)
Resolved 24e1trfqaf31.in to 94.102.49.76
Server: 24e1trfqaf31.in
Gate file: /Kuod_9381a/order.php
Alternate domains: 24ttgaezrtawae.in, 13893ygh1uvbad.in, ibfuo2t1g1qdewr3.in (Currently suspended)
The WHOIS info for this domain is pretty interesting. Looks like someone copied the WHOIS info of a major hackforums scammer.
Hosting infos: http://whois.domaintools.com/94.102.49.76
Related md5s (Download samples from Malwr.com)
Betabot: b47a148b57ce6a7e6e57b039315c77d4
sloodam.in (Betabot http botnet proxied by cloudflare.com)
Server: sloodam.in
Gate file: /lolserver/james/order.php
Yet another script kiddie seems to think that Cloudflare is the best place to host his botnet. Let's see how fast they shut this down.
Related md5s (Search on Malwr.com to download samples)
Betabot: faf473886ef8775d6514ab898a550b3e
203.81.204.105 (14k Linux bots hosted in Pakistan, Karachi, South Cmbroadband Noc)
Big heckers, big net. Thanks to loadx and Yewnix for the ownage and for exposing them. Everything is inside the config file:
/* Type of comments */
#Comment type 1 (Shell type)
// Comment type 2(C++ style)
/* Comment type 3 (C Style) */
#those lines are ignored by the ircd.
loadmodule "src/modules/commands.so";
#loadmodule "cloak.dll";
#include
fewet.com (Athena http botnet hosted by wrzhost.com)
Resolved fewet.com to 91.218.244.229
Server: fewet.com
Gate file: /panel/gate.php
Hosting infos: http://whois.domaintools.com/91.218.244.229
Related md5s (Search on malwr.com to download samples)
Athena: 00238d56ef41e39b7b1ec7870677efa0